-
- https://www.cisa.gov/sbom
- https://en.wikipedia.org/wiki/Software_supply_chain
- https://www.ntia.gov/page/software-bill-materials
- https://www.iotsecurityfoundation.org/wp-content/uploads/2023…
-
### Tool or Product name
Black Duck SCA
### Open Source or Proprietary
proprietary
### Company or Organization name
Synopsys
### Organization or Company Logo Usage
- [X] Already a member of SPD…
-
**User Story**
As a cluster operator, I want to know the list of dependencies Cluster API brings for assurance within our organisation's software supply chain.
**Detailed Description**
* Cr…
-
Need a documented process to create software bill of materials in the formats
* [ ] CycloneDX
* [ ] SPDX
to be ready for publication with each release.
Should be an automatic generation if pos…
-
### Type
Suggestions for Improvement
### What would you like to report?
**Context**
One of the parts of the supply chain in modern ML systems is MLOps software - like i.e. MLFlow, Prefect et…
mik0w updated
2 months ago
-
Updated AWS public resources here reference IRAP/ISM and would improve guidance
https://aws.amazon.com/blogs/security/aws-customer-compliance-guides-now-publicly-available/
Also worth increasi…
adonm updated
2 months ago
-
### Summary
All reports published by security companies prove that Software Supply Chain Attacks are on the rise. There is no doubt that they will continue to increase in the coming years. With this …
-
/spec a computer that has its own sovereign technology stack with a form factor similar to a Mac Mini
-
Software Supply Chain Security has become a critical approach for many security programs. Vietnam is also a country that adopts new standards and processes to enhance their chance in Software Supply Chai…
-
Hello,
GitHub runner images team here.
We are looking to secure supply chains when adding software to CI images.
Are there checksums available? Or maybe some recommended validation approach.…